Configuring Adaptive Wireless Intrusion Prevention System

Finding Feature
Information

Prerequisites for Configuring wIPS

The regular local mode access point has been extended with a subset of Wireless Intrusion Prevention System (wIPS) capabilities. This feature enables you to deploy your access points to provide protection without needing a separate overlay network.

How to Configure wIPS on Access Points

Configuring wIPS on an Access Point (CLI)

SUMMARY STEPS

1.apnameCisco_APmodelocal

2.apnameCisco_APdot115ghzshutdown

3.apnameCisco_APdot1124ghzshutdown

4.apnameCisco_APmodemonitorsubmodewips

5.apnameCisco_APmonitor-modewips-optimized

6.showapdot1124ghzmonitor

7.apnameCisco_APnodot115ghzshutdown

8.apnameCisco_APnodot1124ghzshutdown

DETAILED STEPS

Command or Action

Purpose

Step 1

apnameCisco_APmodelocal

Example:

Switch# ap name AP01 mode local

Configures an access point for monitor mode.

A message appears that indicates that changing the AP's mode causes the access point to reboot. This message also displays a prompt that enables you to specify whether or not you want to continue with changing the AP mode. Enter y at the prompt to continue.

Step 2

apnameCisco_APdot115ghzshutdown

Example:

Switch# ap name AP01 dot11 5ghz shutdown

Disables the 802.11a radio on the access point.

Step 3

apnameCisco_APdot1124ghzshutdown

Example:

Switch# ap name AP02 dot11 24ghz shutdown

Disables the 802.11b radio on the access point.

Step 4

apnameCisco_APmodemonitorsubmodewips

Example:

Switch# ap name AP01 mode monitor
submode wips

Configures the wIPS submode on the access point.

Note

To disable wIPS on the access point, enter the apnameCisco_APmodemonitorsubmodenone command.

Step 5

apnameCisco_APmonitor-modewips-optimized

Example:

Switch# ap name AP01 monitor-mode
wips-optimized

Enables wIPS optimized channel scanning for the access point.

The access point scans each channel for 250 milliseconds. It derives the list of channels to be scanned from the monitor configuration. You can choose the following options:

All—All channels supported by the access point’s radio.

Country—Only the channels supported by the access point’s country of operation.

DCA—Only the channel set used by the dynamic channel assignment (DCA) algorithm, which by default includes all of the nonoverlapping channels allowed in the access point’s country of operation.

Step 6

showapdot1124ghzmonitor

Example:

Switch# show ap dot11 24ghz monitor

Displays the monitor configuration channel set.

Note

The 802.11b Monitor Channels value in the output of the command indicates the monitor configuration channel set.

Step 7

apnameCisco_APnodot115ghzshutdown

Example:

Switch# ap name AP01 no dot11
5ghz shutdown

Enables the 802.11a radio on the access point.

Step 8

apnameCisco_APnodot1124ghzshutdown

Example:

Switch# ap name AP01 no dot11
24ghz shutdown

Enables the 802.11b radio on the access point.

Configuring wIPS on
an Access Point (GUI)

Step 1

Choose
Configuration > Wireless > Access
Points > All APs

The
All
APs page is displayed.

Step 2

Click the access
point name.

The
AP
> Edit page is displayed.

Step 3

From the
AP
Mode drop-down list, choose one of the following options to
configure the AP mode parameters:

Local

Monitor

Step 4

From the
AP Sub
Mode drop-down list, choose
WIPS.

Step 5

Click
Apply.

Step 6

Click
Save
Configuration.

Monitoring wIPS Information

Note

The procedure to perform this task using the switch GUI is not currently available.